What Is a Short Code Audit?

SMS short codes are provisioned by the wireless carriers with the expectation that the owner of the short code will follow the CTIA Short Code Monitoring Handbook rules and regulations. While most short code owners follow the rules, it’s still essential for the CTIA to do in-market monitoring of short codes to ensure everyone’s compliance.

A CTIA short code audit occurs when a live short code program violates the standards set out in the CTIA Short Code Monitoring Handbook. The CTIA employs a sophisticated in-market monitoring tool to detect these violations. This tool reviews short code campaigns that are being advertised to the public.

CTIA conducts weekly compliance audits for standard-rate short codes leased with the Short Code Registry. CTIA audits are published at 2:00 AM EST every Tuesday and cover issues with short code campaigns during the previous week.

CTIA distributes audit notices each week. Each CTIA short code audit will include:

  • A description of CTIA short code violation
  • A unique audit number
  • An SMS short code
  • An SMS service provider
  • An SMS aggregator (full list here)
  • A CTIA audit notice date
  • A CTIA audit cure date

CTIA short code audits are made available to all US wireless carriers that support short code messaging.

IMPORTANT: The CTIA does not monitor TCPA compliance for short codes. This is the short code owner’s responsibility.

short code audit

 

CTIA Short Code Audit Severity Levels

All CTIA short code audits are designated different severity levels based on the harm done to the consumer. The severity of the CTIA short code audit will determine how fast the CTIA and the wireless carriers require you to fix the issue before they pursue further legal options.

The different severity levels are listed below, with Severity Zero reserved for the most extreme CTIA short code violations.

 

    Definition  Cure Date  Penalties
Severity Zero Extreme consumer harm Immediate CTIA: Immediate registry suspension

Carriers: Vary by case; immediate suspension or termination possible

Severity 1 Serious consumer 5 business days CTIA: Unresolved audits; possible registry suspension

Carriers: Vary by case

Severity 2 Moderate Consumer Harm 5 business days CTIA: Vary by case based on consumer harm

Carriers: Vary by case

Based on the above severity chart, it’s interesting to note that the vast majority of short code audits (80 percent and above) result in a pass, and Severity 0 failures are rare. The charts below may provide a better understanding of the failure rates for each severity level in short code audits, both in their advertising of the campaign and the actual messaging of the campaign.

 

CTIA Short Code Violation Examples

When a short code fails a CTIA audit, it’s either because of the way the campaign is being advertised to consumers or because of the consumer experience with the messaging flow. The following chart breaks down the most common causes for advertising violations and audits. While it’s evenly spread for the most part, most short code advertising audits come about because  the brand neglected to mention that “message and data rates may apply.” This is followed by a lack of a clear privacy policy and no link to a comprehensive terms and conditions document.

short code advertising

 

When failures occur with the messaging flow of the campaign, there’s a similar breakdown. The following chart states that the top violations are neglecting customer care contact information in messages and failing to disclose that “message and data rates may apply.” Failure to disclose to the consumer that they’re opting in for recurring messages takes third place.

short code messaging audit

 

CTIA Short Code Audit Communications

Have you received a CTIA short code audit? Don’t worry! The CTIA Compliance Care Team is there to help you! If you have a question about a CTIA audit or need help, leave a comment on the short code audit notice or email us.support@wmcglobal.com. The CTIA Compliance Care Team (Care Team) responds promptly to all messages regarding short code compliance. They are there to assist you as much as possible by helping you understand how to resolve short code violations and close CTIA short code audits.

 

CTIA Short Code Audit Retests

It’s your responsibility as a short code owner to communicate to the CTIA Compliance Care Team that the audit issue has been resolved. If the CTIA Compliance Care Team does not hear back in response to a short code audit, or if the short code owner doesn’t resolve the issue that triggered the audit notice, the short code is subject to further action by either the CTIA or the wireless carriers.

TV and Print Exceptions

The CTIA and the wireless carriers understand that it may not be possible to address an issue if the issue is caused by television or printed material. In these cases, short code owners may submit request for a short code retest on a date later than the required cure date. Retest requests for television or print advertisement violations require a clear explanation of the changes the short code owner will implement for the next round of advertisements.

CTIA short code audits awaiting a retest due to a television or print advertisement are categorized as “Pending Retest.”

 

CTIA Short Code Audit Appeals

If you believe a CTIA short code audit is not valid, you may challenge the audit by emailing the CTIA Compliance Care Team at us.support@wmcglobal.com. The challenge must be received before the cure date on the short code audit notice and must include an explanation of why you believe the short code audit is incorrect.

 

Reporting CTIA Short Code Violations

Have you found a short code that’s violating any of the rules in the CTIA Short Code Monitoring Handbook? If so, report violations to the CTIA Compliance Care Team at us.support@wmcglobal.com. When reporting a short code violation, include the following information:

  • Location of the call to action
  • SMS short code number

If the CTIA decides to take action against a short code owner for a violation, the information of the person who reported the violation will be kept confidential.

We hope this answered your short code related question. If you have other concerns about short code requirements, definitions, and regulations, explore our Learning Center. This website exists to support your short code research.